Sexy 'Siri' Can Open Up Your New iPhone to Attack

Siri, the voice-activated personal assistant on the new iPhone
4S, can look up restaurant menus for you, calculate the number of
inches in a half mile, tell you the population of New Jersey,
even let you know if it will rain this weekend in any city in the
world. Unfortunately, Siri's courtesy is not limited to her
owner, and the convenience she provides actually leaves new
iPhones open to attack.

Graham Cluley, senior technology consultant for the security firm
Sophos, found that a person can speak a command into an iPhone
4S, even one that is locked and
protected with a passcode, and Siri will provide an answer.
Not only that, but, as Cluley demonstrated on a friend's iPhone,
he was able to write an email and send a text message, all from
the locked iPhone.

"If I had wanted to I could have meddled with his calendar
appointments, too," Cluley wrote on a Sophos
blog.

The security foul-up stems from the way the iPhone 4S configures
its passcode settings. The iPhone 4S provides users with the
option to passcode-protect phones; Siri, however, is a separate
entity, and by default, users are able to access it even when
their phones are locked.

Cluley expressed his disappointment in Apple for making Siri
accessible on locked phones by default. "They [Apple] could have
chosen to implement Siri securely, but instead they decided to
default to a mode which is more about impressing your buddies
than securing your calendar and email system," Cluley said.

The problem of companies choosing default settings that compromise
users' security has been of particular importance lately; Amazon
has received criticism, and questions from Congress, over news
that Silk, the Web browser in its soon-to-be-released Kindle Fire
tablet, will collect customers' browsing histories.

To prevent someone from accessing Siri and taking advantage of
what you thought was your own private, personal assistant, go to
the Passcode Lock screen and disable access to Siri on locked
phones.